Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Thetempest.exe

  • Size

    836KB

  • Sample

    231003-lh895ahf6w

  • MD5

    1564e0d55798a05392c21c4e32af6c8b

  • SHA1

    538205c2ac6d66f796a25571548c31086c2e231a

  • SHA256

    030ca745bb45c5cba7e0dc933c2f36aa7c27a3716929027e1b9aa64c6ed60f81

  • SHA512

    32dc533f141d22452f97fb3ce58667058b8cf3b1e23659624b2449694a010e41e6909874a808d89306f7fc85c6d2bc2bc2c64a54b9117fe6cd4614c46cfbdd9b

  • SSDEEP

    24576:INPx3Tpgh9NZEak0F5SAz6uc1L9J8xVCT5ATqY2BXY6+g7:mBTMTq2MAz6VL9J8xVCT5AT2Y6N

Score
7/10

Malware Config

Targets

    • Target

      Thetempest.exe

    • Size

      836KB

    • MD5

      1564e0d55798a05392c21c4e32af6c8b

    • SHA1

      538205c2ac6d66f796a25571548c31086c2e231a

    • SHA256

      030ca745bb45c5cba7e0dc933c2f36aa7c27a3716929027e1b9aa64c6ed60f81

    • SHA512

      32dc533f141d22452f97fb3ce58667058b8cf3b1e23659624b2449694a010e41e6909874a808d89306f7fc85c6d2bc2bc2c64a54b9117fe6cd4614c46cfbdd9b

    • SSDEEP

      24576:INPx3Tpgh9NZEak0F5SAz6uc1L9J8xVCT5ATqY2BXY6+g7:mBTMTq2MAz6VL9J8xVCT5AT2Y6N

    Score
    7/10
    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks